App Services Basic Architecture

This repository contains the Bicep code to deploy an Azure App Services basic architecture.

Deploy

The following are prerequisites.

Prerequisites

1. Ensure you have an Azure Account
2. Ensure you have the Azure CLI installed
3. Ensure you have the az Bicep tools installed

Use the following to deploy the infrastructure.

Deploy the infrastructure

The following steps are required to deploy the infrastructure from the command line.

1. In your command-line tool where you have the Azure CLI and Bicep installed, navigate to the root directory of this repository (AppServicesRI)

2. Login and set subscription if it is needed

  az login 
  az account set --subscription xxxxx

1. Update the infra-as-code/parameters file

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "baseName": {
      "value": ""
    },
    "sqlAdministratorLogin": {
      "value": ""
    },
    "sqlAdministratorLoginPassword": {
      "value": ""
    }
  }
}

Note: Take into account that sql database enforce password complexity

1. Run the following command to create a resource group and deploy the infrastructure. Make sure:

   • The BASE_NAME contains only lowercase letters and is between 6 and 12 characters. All resources will be named given this basename.
   • You choose a valid resource group name

   LOCATION=westus3
   BASE_NAME=<base-resource-name>
   RESOURCE_GROUP=<resource-group-name>

   az group create --location $LOCATION --resource-group $RESOURCE_GROUP

   az deployment group create --template-file ./infra-as-code/bicep/main.bicep \
     --resource-group $RESOURCE_GROUP \
     --parameters @./infra-as-code/bicep/parameters.json \
     --parameters baseName=$BASE_NAME

Publish the web app

Deploy zip file from App Service Sample Workload

APPSERVICE_NAME=app-$BASE_NAME
az webapp deploy --resource-group $RESOURCE_GROUP --name $APPSERVICE_NAME --type zip --src-url https://raw.githubusercontent.com/Azure-Samples/app-service-sample-workload/main/website/SimpleWebApp.zip

Validate the web app

Retrieve the web application URL and open it in your default web browser.

APPSERVICE_URL=https://$APPSERVICE_NAME.azurewebsites.net
echo $APPSERVICE_URL

Optional Step: Service Connector

This implementation is using a classic connection string to access the database, the connection string is stored in an App Service setting called "AZURE_SQL_CONNECTIONSTRING". You can use Service Connector to configure the connection. Service Connector makes it easy and simple to establish and maintain connections between services. It reduces manual configuration and maintenance difficulties. You can use Service Connector either from Azure Portal, Azure CLI or even from Visual Studio to create connections.

You must open Azure Cloud Shell on bash mode to execute these CLI commands. The commands need to connect the database and only azure services are allowed in the current configuration.

   # Set variables on Azure Cloud Shell
   LOCATION=westus3
   BASE_NAME=<base-resource-name>
   RESOURCE_GROUP=<resource-group-name>
   APPSERVICE_NAME=app-$BASE_NAME
   RESOURCEID_DATABASE=$(az deployment group show -g $RESOURCE_GROUP -n databaseDeploy --query properties.outputs.databaseResourceId.value -o tsv)
   RESOURCEID_WEBAPP=$(az deployment group show -g $RESOURCE_GROUP -n webappDeploy --query properties.outputs.appServiceResourceId.value -o tsv)
   USER_IDENTITY_WEBAPP_CLIENTID=$(az deployment group show -g $RESOURCE_GROUP -n webappDeploy --query properties.outputs.appServiceIdentity.value -o tsv)
   USER_IDENTITY_WEBAPP_SUBSCRIPTION=$(az deployment group show -g $RESOURCE_GROUP -n webappDeploy --query properties.outputs.appServiceIdentitySubscriptionId.value -o tsv)
   
   # Delete current app service conection string, you could verify that the key was deleted from the Azure portal
   az webapp config appsettings delete --name $APPSERVICE_NAME --resource-group $RESOURCE_GROUP --setting-names AZURE_SQL_CONNECTIONSTRING

   # Install the service connector CLI extension
   az extension add --name serviceconnector-passwordless --upgrade

   # Invoke the service connection command
   az webapp connection create sql --connection sql_adventureconn --source-id $RESOURCEID_WEBAPP --target-id $RESOURCEID_DATABASE --client-type dotnet --user-identity client-id=$USER_IDENTITY_WEBAPP_CLIENTID subs-id=$USER_IDENTITY_WEBAPP_SUBSCRIPTION
   # The AZURE_SQL_CONNECTIONSTRING was created again but the connection string now includes "Authentication=ActiveDirectoryManagedIdentity"
   

Clean Up

After you have finished exploring the AppService reference implementation, it is recommended that you delete Azure resources to prevent undesired costs from accruing.

az group delete --name $RESOURCE_GROUP -y